FTI Consulting Survey Reveals CISOs Struggle to Effectively Articulate the Business Impact of Cyber Risks
This research explores the communications challenges facing CISOs and those in charge of information security and illuminates the struggles of CISOs and information security leaders to more clearly communicate — both internally and externally — their role, leadership and management of cybersecurity.
Among CISOs surveyed, 85% said that the prominence of cybersecurity on the board’s agenda has increased over the last 12 months, with 79% feeling heightened scrutiny from senior leadership. Executive leadership’s lack of understanding of CISOs’ roles (55%) prevents CISOs from articulating critical priorities, with 53% saying their cybersecurity priorities are not completely aligned with their organizations’ C-suite leadership.
Despite this increased prominence, the majority of CISOs (58%) surveyed revealed their struggle to articulate technical information and effectively communicate cyber risk in a manner that the board and senior leadership can understand. Ultimately, a disconnect between the CISO and board and leadership priorities may negatively impact an organization’s ability to effectively prepare for and respond to a cyber incident.
“There is increasing evidence that boards and leadership teams recognize the growing cybersecurity risk to their organizations,” said
Other key survey findings include:
- With mounting pressure, 82% of CISOs claim that they feel the need to positively exaggerate their role to their board.
- Even as cybersecurity awareness grows, 58% of CISOs struggle to communicate technical language to their boards, and 63% feel that their concerns are not aligned with senior leadership priorities, potentially leaving companies exposed to a possible incident or regulatory sanction.
- While 88% of CISOs surveyed have experienced a cyber incident in the last 12 months, 46% of the respondents claim these incidents were not mitigated quickly, and they continue to struggle to rebuild trust and confidence among leadership following the incident.
- 52% of CISOs claim that managing communications with internal and external stakeholders is the biggest challenge when responding to an incident, and 63% believe that their cyber concerns are not fully aligned with senior leadership’s priorities and could leave companies exposed to a possible incident or regulatory sanction.
While 66% of CISOs feel that their senior leadership struggle to understand the CISO’s role, over half state that they struggle to communicate technical language in a way their board members can comprehend. In response to those results,
Source: FTI Consulting, Inc.